PLAN-324 still allow editing your own data

- you can see and edit your own restricted data - you cannot see and edit the restricted data of others unless you are an admin
PlanoramaEvents · Jun 4, 2022 · 95cd4f1 · 95cd4f1
1 parent 4452c7b
commit 95cd4f1
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/app/javascript/profile/person_demographics.vue b/app/javascript/profile/person_demographics.vue
@@ -2,13 +2,11 @@
   <section>
     <div class="d-flex flex-row mt-3">
       <div class="w-50 mr-2">
-        <!-- TODO change edit permissions to sensitive data tickybox -->
-        <h5>Demographics <edit-button v-b-modal.person-demo-modal v-if="currentUserIsAdmin"></edit-button></h5>
+        <h5>Demographics <edit-button v-b-modal.person-demo-modal v-if="canEditInfo"></edit-button></h5>
         <dl-person :fields="demoFields"></dl-person>
       </div>
       <div class="w-50">
-        <!-- TODO change edit permissions to sensitive data tickybox -->
-        <h5>Community memberships <edit-button v-b-modal.person-community-modal v-if="currentUserIsAdmin"></edit-button></h5>
+        <h5>Community memberships <edit-button v-b-modal.person-community-modal v-if="canEditInfo"></edit-button></h5>
         <dl-person :fields="communityFields"></dl-person>
       </div>
     </div>
@@ -94,6 +92,10 @@ export default {
     },
     communityFields() {
       return Object.keys(this.communityData);
+    },
+    canEditInfo() {
+      // TODO use sensitive data permission in the future
+      return this.currentUserIsAdmin || this.currentUser.id === this.selected.id;
     }
   }
 };

diff --git a/app/javascript/profile/person_details.vue b/app/javascript/profile/person_details.vue
@@ -66,8 +66,8 @@
       <template #default="{fields}">
         <b-form-group label="Anyone that should not be assigned to be on a panel with participant">
           <!-- TODO change edit permissions to sensitive data tickybox -->
-          <b-form-textarea v-if="currentUserIsAdmin" v-model="fields.do_not_assign_with"></b-form-textarea>
-          <b-form-textarea v-if="!currentUserIsAdmin" disabled value="Restricted"></b-form-textarea>
+          <b-form-textarea v-if="canEditSensitiveInfo" v-model="fields.do_not_assign_with"></b-form-textarea>
+          <b-form-textarea v-if="!canEditSensitiveInfo" disabled value="Restricted"></b-form-textarea>
         </b-form-group>
 
         <b-form-group label="Permission to be included in a livestreamed program">
@@ -313,6 +313,10 @@ export default {
         label: "Yes, except for items focused on the topics listed below.",
         value: "maybe"};
     },
+    canEditSensitiveInfo() {
+      // TODO in the future use the sensitive data permission instead of the admin setting
+      return this.currentUserIsAdmin || this.currentUser.id === this.selected.id;
+    }
   },
 }
 </script>